<?php
/**
 * Author Yulin
 * Email  dwzhanglong@126.com
 * Date   2016-6-22
 * Func   后台管理员
 */
// Include guard: stop immediately unless the IN_YuLin constant is already defined
// (presumably set by the application's entry script - confirm).
// NOTE(review): this only blocks direct requests to this file. It is not an
// authentication or authorization check; no such check is visible in this file,
// so it has to be enforced by whatever includes it.
if(!defined('IN_YuLin'))
{
    exit('NO PERMIT!');
}

// Table identifiers for administrator accounts and administrator groups, as returned by Table().
$table = Table('admin_user');
$gtable = Table('admin_group');
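// Create or update an administrator account from the submitted form.
//
// Input:  $_REQUEST['id'] (optional, account to edit) and $_POST['data'] with
//         gid / username / truename / tel / password.
// Output: a ShowMsg() result page, pointing back to the list on success.
//
// NOTE(review): no CSRF token check is visible in this handler; confirm the
// including script enforces one before it accepts state-changing requests.
// NOTE(review): the SQL below is assembled by string concatenation. Its safety
// depends on NoBadStr(), CreateUpdateSql() and CreateInsertSql(), none of which
// is visible here - confirm they escape values for the SQL context.
if(IS_POST)
{
    // $_REQUEST may also be fed from cookies depending on request_order; the value is
    // forced to an integer before it reaches the query.
    $id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;

    // Only accounts whose status is 0 or 1 can be edited.
    $data = $id ? $db->getrow('SELECT * FROM '.$table.' WHERE id = '.$id.' AND status IN (0,1)') : array();
    if(!is_array($data))
    {
        // Normalise a "no row" result so the offset accesses below are well defined.
        $data = array();
    }

    // Tolerate a missing or malformed form payload instead of raising notices.
    $post = (isset($_POST['data']) && is_array($_POST['data'])) ? $_POST['data'] : array();
    $post += array('gid' => 0, 'username' => '', 'truename' => '', 'tel' => '', 'password' => '');

    $ins = [];
    // NOTE(review): gid is accepted as submitted; whether the current user is allowed to
    // assign that group is not checked here - confirm it is enforced elsewhere.
    $ins['gid']     =   intval($post['gid']);
    $ins['username']=   NoBadStr($post['username']);
    $ins['truename']=   NoBadStr($post['truename']);
    $ins['tel']     =   NoBadStr($post['tel']);

    // A non-string value (e.g. data[password][]=x) is treated as "no password supplied".
    $password = is_string($post['password']) ? trim($post['password']) : '';

    if(!empty($data['id']))
    {
        // Editing: a blank password field keeps the stored password unchanged.
        // Password() is presumably the project's hashing helper - confirm it is a salted, slow hash.
        if($password !== '')
        {
            $ins['password'] = Password($password);
        }

        $msg = '修改管理员成功';
        $db->exec('UPDATE '.$table.' SET '.CreateUpdateSql($ins).' WHERE id = '.intval($data['id']));
    }
    else
    {
        // Creating: refuse an empty password, otherwise the new administrator account
        // would be stored with the hash of an empty string.
        if($password === '')
        {
            ShowMsg('密码不能为空',-1);
            exit;   // ShowMsg() presumably ends the request; make sure nothing below runs either way
        }

        $ins['password']    =   Password($password);
        $ins['status']      =   1;          // new accounts start active
        $ins['dateline']    =   TIMESTAMP;  // creation time

        $msg = '添加管理员成功';
        $db->exec('INSERT INTO '.$table.CreateInsertSql($ins));

        $data['id'] = $db->insert_id();
        if(!$data['id'])
        {
            ShowMsg('添加管理员失败',-1);
            exit;   // never fall through to the success message after a failed insert
        }
    }

    ShowMsg($msg,'?m='.$m.'&c='.$c.'&cid='.$cid);
}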

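// Build the id => name lookup of administrator groups; the list view below uses it to
// label each account with its group name.
$group = [];
$tmp = $db->getall('SELECT * FROM '.$gtable);
// NOTE(review): what getall() returns for an empty or failed query is not visible here;
// iterating only an array keeps the page working if it is false or null.
if(is_array($tmp))
{
    foreach($tmp as $val)
    {
        $group[$val['id']] = $val['name'];
    }
}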

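// Action dispatch on $a (set outside this file):
//   'add'   - show the add/edit form
//   'del'   - set the status of one or more accounts (1 when flag is set, otherwise 0)
//   default - filtered, paginated list of accounts
if($a == 'add')
{
    $id = isset($_GET['id']) ? intval($_GET['id']) : 0;
    // SELECT * also loads the stored password column into $data; the template should not render it.
    $data = $id ? $db->getrow('SELECT * FROM '.$table.' WHERE id = '.$id) : array();

    $tpl->display('admin/index_add');
}
else if($a == 'del')
{
    // NOTE(review): this changes account state on a GET request and no CSRF token check is
    // visible here; confirm the including script protects this action.
    $id = isset($_GET['id']) ? trim($_GET['id']) : '';

    // Accept a comma-separated id list and keep only positive integers, so nothing but
    // digits and commas can reach the SQL text.
    $ids = array();
    foreach(explode(',',$id) as $val)
    {
        $val = intval($val);
        if($val > 0)
        {
            $ids[] = $val;
        }
    }

    if($ids)
    {
        $id = implode(',',$ids);

        $flag = !empty($_GET['flag']) ? 1 : 0;
        // The list must not be wrapped in quotes: IN ('1,2,3') compares id with a single string,
        // so a multi-id request would not match the intended rows (the LIMIT syntax used by
        // the list query suggests MySQL).
        $db->exec('UPDATE '.$table.' SET status = '.$flag.' WHERE id IN ('.$id.')');
        AjaxReturn(['error'=>'0','msg'=>'操作成功']);
    }else{
        AjaxReturn(['error'=>'1','msg'=>'参数错误']);
    }
}
else
{
    $data  = array();
    $where = ' FROM '.$table.' t WHERE 1 ';

    // Status filter: 1 = active accounts, -1 = locked accounts, anything else = all.
    $status = isset($_GET['status']) ? intval($_GET['status']) : 0;
    if($status == 1)
    {
        $where .= ' AND t.status = 1';  //  active
    }
    else if($status == -1)
    {
        $where .= ' AND t.status = 0';  //  locked
    }

    $gid = isset($_GET['gid']) ? intval($_GET['gid']) : 0;
    if($gid)
    {
        $where .= ' AND t.gid = '.$gid;
    }

    // NOTE(review): $title goes into the SQL text after NoBadStr() only; that helper is not
    // visible here - confirm it escapes quotes and backslashes for SQL. '%' and '_' in the
    // input also act as LIKE wildcards.
    $title = isset($_GET['title']) ? NoBadStr($_GET['title']) : '';
    if($title)
    {
        $where .= ' AND t.username LIKE \'%'.$title.'%\' ';
    }

    $tmp = $db->getrow('SELECT COUNT(1) AS p '.$where);
    if(!empty($tmp['p']))
    {
        $page = max(1,intval(isset($_GET['page']) ? $_GET['page'] : 1));
        $size = 20;
        $offset = ($page - 1) * $size;
        $limit    = ' LIMIT '.$offset.','.$size;

        $orderby = ' ORDER BY t.id DESC ';
        // The free-text search term is URL-encoded so '&', '#', spaces and similar characters
        // cannot break or extend the pagination link's query string.
        $url = '?m='.$m.'&c='.$c.'&a='.$a.'&title='.urlencode($title).'&status='.$status.'&gid='.$gid;

        $data = $db->getall('SELECT t.* '.$where.$orderby.$limit);
        if(is_array($data))
        {
            foreach($data as $key => $val)
            {
                // An account may reference a group that is no longer in the lookup.
                $data[$key]['gname'] = isset($group[$val['gid']]) ? $group[$val['gid']] : '';
            }
        }

        $multi = Multi($url,$page,$tmp['p'],$size);
    }

    $tpl->display('admin/index');
}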

?>